Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

May 2, 2024 at 11:18AM Several Android apps in the Google Play Store were found vulnerable to a path traversal-affiliated exploit, allowing malicious apps to overwrite files in the vulnerable app’s home directory. The implications include arbitrary code execution and token theft. Vulnerable apps include Xiaomi File Manager and WPS Office, but the issue has …

Dropbox Discloses Breach of Digital Signature Service Affecting All Users

May 2, 2024 at 06:27AM Dropbox disclosed that its subsidiary, Dropbox Sign, experienced a data breach on May 2, 2024. Unidentified threat actors accessed user emails, usernames, and account settings. Phone numbers, hashed passwords, and authentication information of some users were also compromised. Dropbox is investigating, cooperating with authorities, and taking steps to protect affected …

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

May 2, 2024 at 01:18AM The new malware, Cuttlefish, targets small office and home office (SOHO) routers to secretly monitor network traffic and gather authentication data from web requests. It can also hijack DNS and HTTP connections, exfiltrate data, and act as a proxy or VPN. The cybersecurity firm warns that it poses a serious …

New Cuttlefish malware infects routers to monitor traffic for credentials

May 1, 2024 at 09:27AM Cuttlefish, a new malware, targets enterprise and SOHO routers, creating proxy/VPN tunnels to steal data and authentication information. It can perform DNS/HTTP hijacking, targeting services such as Alicloud, AWS, and BitBucket. Black Lotus Labs found its active campaign in Turkey and recommends strengthening security measures and monitoring for unusual logins. …

Everyone’s an Expert: How to Empower Your Employees for Cybersecurity Success

May 1, 2024 at 07:12AM In order to improve security, organizations must recognize the importance of training their staff to become the first line of defense against cyber threats. Security Awareness Training (SAT) aims to educate employees on cybersecurity risks, minimize exposure to threats, and maintain regulatory compliance. However, the efficacy of traditional SAT programs …

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

May 1, 2024 at 07:12AM The ZLoader malware, which resurfaced after a two-year hiatus, has evolved with new anti-analysis features that make it harder to detect and analyze. It now restricts execution to the infected machine and employs techniques to avoid running on different hosts. Additionally, threat actors are utilizing fraudulent websites to spread malware through …

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

May 1, 2024 at 05:09AM Cybercriminals and nation-state actors both exploit compromised routers for anonymization. The FBI disrupted Pawn Storm’s botnet of Ubiquiti EdgeRouters, which was used for various malicious activities. Despite the disruption, the botnet operator continued to control some bots. Multiple threat actors used backdoored SSH servers on …

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

April 30, 2024 at 01:33PM Three critical-severity vulnerabilities in the Judge0 open source service enable sandbox escapes and complete host machine takeovers. The flaws impact versions before 1.13.1 and can lead to code execution outside the sandbox, privilege escalation, and full system access. While version 1.13.1 addresses the issues, the potential for exploitation via other …

Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM

April 29, 2024 at 07:48AM Today’s cyber threats are becoming increasingly complex, requiring better and more consolidated approaches. Exposure Management offers a comprehensive method to identify, evaluate, and address security weaknesses across an organization’s digital footprint. Contrasting it with other common approaches such as Penetration Testing, Red Teaming, Breach and Attack Simulation tools, and Risk-Based …

Discord dismantles Spy.pet site that snooped on millions of users

April 28, 2024 at 10:30PM Discord data harvesting site Spy.pet, which gathered information on over 620 million users, was shut down after its existence became known. Discord is working to take action and is considering legal action. Critical vulnerabilities in the OT world include issues in Honeywell, Hitachi Energy, and Rockwell Automation. Additionally, an infostealer campaign is …